*** ralonsoh_ is now known as ralonsoh | 08:08 | |
kevko | morning | 08:30 |
---|---|---|
kevko | mnasiadka bbezak some trivials ? https://review.opendev.org/c/openstack/kolla-ansible/+/908429 https://review.opendev.org/c/openstack/kolla-ansible/+/907971 | 08:31 |
hamidlotfi_ | morning, | 08:38 |
hamidlotfi_ | I have an environment with Neutron OVS, after successful deployment, I went to update the environment with enable_neutron_agent_ha and then reconfigure, but nothing changed. | 08:38 |
hamidlotfi_ | please help me to resolve my problem. | 08:39 |
kevko | hamidlotfi_: so you don't have l3_ha = true in your neutron.conf ? | 08:40 |
kevko | for example ? | 08:40 |
hamidlotfi_ | I set the `enable_neutron_agent_ha: "yes"` in my global.yml | 08:41 |
kevko | hamidlotfi_: yes, and i am asking if you have l3_ha = true in your /etc/kolla/neutron-server/neutron.conf on network node | 08:41 |
hamidlotfi_ | Should I change anything else? | 08:41 |
kevko | hamidlotfi_: firstly you should give an answer ... | 08:42 |
hamidlotfi_ | No, I didn't change `/etc/kolla/neutron-server/neutron.conf` | 08:43 |
kevko | hamidlotfi_: that was not my question ...question was if you have such option in this file ... | 08:43 |
hamidlotfi_ | No, I don't have `/etc/kolla/neutron-server/neutron.conf` | 08:44 |
mnasiadka | morning | 08:45 |
kevko | hamidlotfi_: do you want to say that you don't have neutron-server ? :D | 08:45 |
kevko | or you don't have that option inside ? :D | 08:45 |
kevko | mnasiadka: morning | 08:45 |
mnasiadka | SvenKieske, frickler, bbezak: https://review.opendev.org/c/openstack/kolla-ansible/+/908405 | 08:46 |
hamidlotfi_ | No, I say don't have this option. | 08:46 |
kevko | hamidlotfi_: cool, version of kolla-ansible ? (or commit id ? ) | 08:47 |
hamidlotfi_ | 15.3.1 | 08:47 |
hamidlotfi_ | Also, I use from ZED version of openstack. | 08:48 |
kevko | hamidlotfi_: can u say from where you downloaded kolla-ansible if official 15.3.1 don't exist ? :D | 08:49 |
kevko | hamidlotfi_: https://pypi.org/project/kolla-ansible/#history | 08:49 |
hamidlotfi_ | let me check. | 08:50 |
hamidlotfi_ | I ran this command: | 08:51 |
hamidlotfi_ | `pip install git+https://opendev.org/openstack/kolla-ansible@stable/zed` | 08:51 |
hamidlotfi_ | https://pypi.org/project/kolla-ansible/15.3.0/ | 08:51 |
kevko | hamidlotfi_: so you installed via git ...ok | 08:51 |
hamidlotfi_ | yes | 08:52 |
mnasiadka | frickler,SvenKieske,kevko, bbezak: with the service role for Nova and Cinder - initially I thought about removing admin role from nova/cinder users, but I'm not so sure about backporting that all the way to zed - so I left it there - WDYT? | 08:53 |
hamidlotfi_ | Is it not right? | 08:53 |
kevko | mnasiadka: i don't think we need to remove admin in first step ...I think it's enough to provide service_tokens_role_required = service ... (default is admin ...and remember that this is not working correctly and returning wrong reply code for some action ... attach/detach ... but it's some time for now i've tested ) | 08:54 |
mnasiadka | kevko: yes, that's why my approach is to add service (for backportability) and then remove admin only in master | 08:55 |
kevko | mnasiadka: add service user is good step i think in all scenarios ... | 08:56 |
kevko | s/user/role | 08:56 |
kevko | mnasiadka: yeah, i think this can work i suppose | 08:57 |
mnasiadka | well, not all services support that, and we only need to backport nova/cinder mix to solve properly the sec bug | 08:57 |
mnasiadka | all the rest should be done in master only, especially ironic which bbezak is working on | 08:57 |
kevko | mnasiadka: another question is if we will add service role for all users because it makes sense only in cinder<->nova | 08:57 |
kevko | mnasiadka: okay you were first :D | 08:58 |
mnasiadka | :D | 08:58 |
kevko | kevko: i don't know if i have some strict opinion ..because roles are checked in policies ... OR this service role is checked in a code somewhere If i remember (nova,cinder,os-brick)...because of some CVE reported ...so if we add service role to all users ...it shouldn't break anything ...and apply our stuff in config for nova/cinder ...but as I | 09:01 |
kevko | said ..i don't have strict opinion how to do it | 09:01 |
kevko | mnasiadka: ^^ :D | 09:01 |
kevko | mnasiadka: I would say if there is already service role ...IF someone will implement similar approach ... he will definitely use that service role ... | 09:02 |
hamidlotfi_ | kevko: what should I do? | 09:02 |
kevko | hamidlotfi_: do you have ha_vrrp_health_check_interval = 5 in your /etc/kolla/neutron-l3-agent/l3_agent.ini ? | 09:03 |
kevko | hamidlotfi_: you said nothing is changed after reconfigure ...but from a code it's visible that you should have this option configured ... so if you have this in that config option ..you have this configured also before your reconfigure ..and that's the reason why nothing was changed | 09:05 |
hamidlotfi_ | kevko: Sorry I didn't add any options, so I have to add those options first and then run the reconfigure. | 09:10 |
kevko | hamidlotfi_: haha, it's very hard with you :D | 09:10 |
hamidlotfi_ | I thought that by activating the `enable_neutron_agent_ha: "yes"` option, it would write the settings required by the service. 😉 | 09:11 |
kevko | hamidlotfi_: and I am asking if you have rendered such option in config file :D | 09:12 |
kevko | hamidlotfi_: https://github.com/openstack/kolla-ansible/blob/673eda91a431c41bb69b42050aac946cc04a604d/ansible/roles/neutron/templates/l3_agent.ini.j2#L13C1-L15C12 | 09:12 |
hamidlotfi_ | No 😁 | 09:12 |
kevko | hamidlotfi_: so I am asking for the last time ..do you have such option rendered which is dependent on enable_neutron_agent_ha ? | 09:13 |
kevko | hamidlotfi_: so, it means you didn't set that option correctly ...because jinja din't rendered it ! | 09:13 |
kevko | hamidlotfi_: check your config and try again | 09:13 |
hamidlotfi_ | Ok, thank you for your time and response. | 09:14 |
opendevreview | Rafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection https://review.opendev.org/c/openstack/kayobe/+/902772 | 10:41 |
opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role https://review.opendev.org/c/openstack/kolla-ansible/+/908007 | 10:57 |
opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: Add service role to ironic service users https://review.opendev.org/c/openstack/kolla-ansible/+/908580 | 10:57 |
opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files https://review.opendev.org/c/openstack/kolla-ansible/+/908168 | 10:57 |
opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)" https://review.opendev.org/c/openstack/kolla-ansible/+/907274 | 10:57 |
opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Implement Redis as caching backend https://review.opendev.org/c/openstack/kolla-ansible/+/903978 | 11:43 |
kevko | mnasiadka: I'm messing around with the kolla code .... correct me if I am wrong ..but as per https://review.opendev.org/c/openstack/kolla/+/246762 we are using virtualenv to avoid conflicts with system packages ..... BUT during the time we added --system-site-packages ...so it don't makes sense to use virtualenv :D :D :D | 12:33 |
kevko | and adding usseless complexity ...why ? | 12:35 |
opendevreview | hilal alsac proposed openstack/kolla-ansible master: use haproxy_backend_http_extra and haproxy_backend_tcp_extra in haproxy-config template https://review.opendev.org/c/openstack/kolla-ansible/+/908772 | 12:44 |
opendevreview | hilal alsac proposed openstack/kolla-ansible master: use haproxy_backend_http_extra and haproxy_backend_tcp_extra in haproxy-config template https://review.opendev.org/c/openstack/kolla-ansible/+/908772 | 12:48 |
mnasiadka | kevko: and why do you think without a venv is better? we're using --system-site-packages probably due to Ansible and selinux? Propose something constructive, I don't believe venv is adding useless complexity, people are running more things than just kolla build on their hosts. | 13:16 |
mnasiadka | ah, you mean the images | 13:17 |
mnasiadka | well, PTG is coming, feel free to propose something - I'll create an etherpad | 13:17 |
mnasiadka | kevko, frickler: https://review.opendev.org/q/project:openstack/kolla+status:open+NOT+label:Workflow%3C%3D-1+NOT+label:Code-Review%3C%3D-2+label:Review-Priority%3D1 - would be nice to progress with those | 13:38 |
opendevreview | Michal Nasiadka proposed openstack/kolla master: Add ovn-bgp-agent / FRR / Horizon BGPVPN dashboard https://review.opendev.org/c/openstack/kolla/+/891617 | 13:49 |
opendevreview | Matt Crees proposed openstack/kayobe master: Fix: configure etc-hosts for overcloud group https://review.opendev.org/c/openstack/kayobe/+/907306 | 13:54 |
opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: cinder: Stop using admin service token https://review.opendev.org/c/openstack/kolla-ansible/+/908405 | 14:28 |
opendevreview | Seunghun Lee proposed openstack/kayobe master: Make matching OVS agent independent to OVN if OVS is explicitly enabled https://review.opendev.org/c/openstack/kayobe/+/907721 | 14:54 |
*** jph3 is now known as jph | 15:06 | |
opendevreview | Dawud proposed openstack/kolla-ansible master: Remove the `grafana` volume https://review.opendev.org/c/openstack/kolla-ansible/+/899136 | 16:14 |
opendevreview | Rafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection https://review.opendev.org/c/openstack/kayobe/+/902772 | 18:33 |
wncslln | hello o/, anyone already saw this error "nova | Ensure RabbitMQ users exist (5 retries left)." on rabbitmq reconfigure? | 20:28 |
wncslln | if i list rabbit vhosts, nothing appears | 20:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!